	
	-- 增加目录
    package.path = "/usr/local/Cellar/openresty-my/nginx/lua/?.lua;"..package.path
	local  common = require  "common"
	local cjson = require "cjson"
	local dyups = require "ngx.dyups"
	local red = require "resty.redis"
	local serverName = ngx.var.target

	-- 获取http请求里的token 随机串
	function getUserTokenFromHttp() 
	  local arg = ngx.req.get_uri_args()
	  local token_user = nil 
	  for k,v in pairs(arg) do
	    if k=="token_user" then
	        token_user =v
	     end   
	  end
	 
	  return  token_user 
	end
	function judgeAuthority(randomStr,serverName)
	 --获取有权限的moduleList
	  local moduleList = redis:hget(randomStr,"moduleList")
	  
	  ngx.log(ngx.ERR, "OK moduleList is gotten!! the user authority are : ",moduleList)
	  local arr=common:split2(moduleList,",")  
	   -- 若当前域名不在列表里
	  local canPass = false
	  for k,v in pairs(arr) do
	     if v == serverName then 
	      ngx.log(ngx.ERR, "OK the user can pass  ",serverName)
	      canPass = true
	     end 	    
	  end
	  local remote_authority = redis:hget(randomStr,"4A_token")
	  ngx.log(ngx.ERR, "Remote_authority!!  ",remote_authority)
	  if remote_authority==ngx.null then 
	      canPass=false
	      ngx.log(ngx.ERR, "Sorry the user dont have 4A authority!!  ",serverName)
	  end  
	   return canPass 

	  end 
    

	
--[[redis = red:new()
	redis:set_timeout(1000) -- 1 sec
	local ok, err = redis:connect("127.0.0.1", 6379)
	if not ok then
	 ngx.say("failed to connect redis: ", err)
	 return
	end
--]]

    local rc = require("resty.redis.connector").new({
                connect_timeout = 50,
                read_timeout = 5000,
                keepalive_timeout = 30000,
                password = "yanlei",
               
            })
     redis, err = rc:connect{
             url = "sentinel://yanlei@mymaster:m",
             sentinels = {
                { 
                host = "127.0.0.1", port = 26379,
                host = "127.0.0.1", port = 26380,
                host = "127.0.0.1", port = 26381   
                },
            }
          }

	


    
	common:tryLimit(redis,serverName) --先限流
	local cookie_token_user = ngx.var.cookie_token_user
	local cookie_token_4A = ngx.var.cookie_token_4A

	
	

	if cookie_token_user ~= nil then   -- cookie里token不为空的  拿随机串去redis查url权限
	 ngx.log(ngx.ERR, "cookie_token_user22",cookie_token_user)
	   -- 使用随机串获取redis里的upstream列表信息  为了在nginx里更新
	 local canPass= judgeAuthority(cookie_token_user,serverName)
	 if not canPass then 
	      ngx.var.target = "www.python.com" 
	      ngx.log(ngx.ERR, "Sorry the user canNot pass!!  ",serverName)
	 end 

	else   -- 没cookie就尝试查看是否有http参数

	  -- 获取http里参数说明是第一次设置Cookie 要设置4ACookie
	 local token_user = getUserTokenFromHttp() 
	  if not token_user then 
	    ngx.log(ngx.ERR, "http token_user does not exist ","...~...")
	    ngx.var.target = "www.python.com"    -- 去python页面生成token_user再来访问
	  else   --有token_user 就生成Cookie  先去redis取用户信息
	       --获取有权限的moduleList

	    local canPass= judgeAuthority(token_user,serverName)
		if not canPass then 
		  ngx.var.target = "www.python.com" 
		  ngx.log(ngx.ERR, "Sorry the user canNot pass!!  ",serverName)
		else
		  ngx.header["Set-Cookie"] = "token_user ="..token_user.."; Path=/;Expires="..ngx.cookie_time(ngx.time() + 60 * 100)  --失效时间单位 秒
		end 

	  end


	end

              
